- Key insight: Hackers compromised France's centralized FICOBA database using stolen government credentials, exposing 1.2 million accounts.
- Supporting data: The compromised database contains records for approximately 300 million accounts belonging to 80 million individuals.
- Forward look: Customers are urged by the French Banking Federation to closely monitor their bank accounts for suspicious direct debit activity.
Overview bullets generated by AI with editorial review
A malicious actor compromised a French national banking database and exposed personal and financial information tied to 1.2 million bank accounts, the French government recently announced.
The attacker used stolen credentials belonging to a government official to access the database in late January 2026, according to the French finance ministry. Authorities detected and contained the breach by mid-February.
The French finance ministry (officially the Ministry of Economy, Finance, and Industrial and Digital Sovereignty), which prepares and implements France's economic policies, announced the breach on Wednesday.
The stolen data included names, addresses and bank account numbers, though the intruder could not view account balances or execute transactions, according to the ministry.
The breach highlights the vulnerabilities in centralized databases of financial information and illustrates the fraud risks that institutions must combat when customer identity data leaks.
The compromised database, known as the National File of Bank Accounts and Similar, or FICOBA, tracks every bank account, savings account and safe deposit box opened in France. It contains records for approximately 300 million accounts belonging to 80 million individuals, according to the Directorate General of Public Finances, which maintains the database.
FICOBA, which acts as an index of accounts rather than a complete ledger of balances and transactions, was originally created to prevent tax evasion. It is now used also as a tool for anti-money laundering, countering the financing of terrorism and to facilitate legal adjudications.
The French Banking Federation, or FBF, a professional organization representing all banks operating in France, urged customers to monitor their accounts closely for suspicious activity because the breach included International Bank Account Numbers, or IBANs.
These numbers alone cannot be used to directly authorize card payments, but criminals can use them to set up fraudulent direct debit mandates — authorizations that allow a creditor to pull funds directly from a customer's account or pay for subscription services, according to a Feb. 19 alert from the FBF.
Authorities have not identified the attacker in the case.
The FICOBA incident follows a December 2025 breach at the French Interior Ministry in which hackers accessed internal email servers and sensitive criminal record files after ministry employees shared passwords in plaintext emails.
The European Union Agency for Cybersecurity in November warned that governments face the most cyberattacks among public and private entities in the European Union, accounting for 38% of all incidents that the agency tracked.
